AI Plugin Flaw Exposes 50,000 WordPress Sites to Remote Attacks

A critical vulnerability has been identified in the AI Engine plugin for WordPress, affecting over 50,000 sites using its free version. This plugin is popular for its array of artificial intelligence features, enabling users to create chatbots, manage content, and enhance various aspects of their websites through AI-driven tools like translation and SEO optimization.

However, this widespread usage is now at risk due to a flaw that was revealed today by Patchstack, a leading cybersecurity firm. The vulnerability lies in the plugin’s `rest_upload` function within its `files.php` module. Specifically, it is an unauthenticated arbitrary file upload vulnerability: any unauthenticated user could upload potentially dangerous files to a site, including malicious PHP files. This could lead to remote code execution, giving attackers control over affected WordPress installations.

The root of the problem is tied to the `permission_callback` parameter in the plugin’s REST API endpoints, which in the vulnerable versions is set to `__return_true`. This setting permits any unauthenticated user to execute the vulnerable functions without proper validation. Furthermore, the code fails to adequately check file types and extensions, enabling attackers to upload any file, thereby creating a significant security threat.

In response to this critical issue, the plugin’s developers have released a patch with version 1.9.99. This update introduces necessary permission checks for custom REST API endpoints and implements the `wp_check_filetype_and_ext` function to ensure that file types and extensions are properly validated before upload.

Given the seriousness of this vulnerability, it is strongly recommended that all users of the AI Engine plugin immediately update to version 1.9.99 or later. The issue has been assigned the identifier CVE-2023-51409 for tracking purposes.

Patchstack’s advisory also stresses the importance of vigilant security practices when developing plugins or themes. They advise, “Always thoroughly check the processes involving the `$_FILES` parameter in your plugin or theme code. Before allowing a file upload, ensure that both the filename and extension are carefully validated. Additionally, make sure that permission checks on custom REST API endpoints are robust.”
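To make the root cause and the fix described above concrete, here is an added illustration of a minimal REST upload endpoint written in the weak form (`permission_callback` set to `__return_true`, no file-type check) next to a hardened form that applies Patchstack’s advice. This is not the plugin’s own code; the route namespace, callback names and use of `wp_handle_upload` for storage are assumptions.

```php
<?php
// Added example, not AI Engine's code. Namespace and function names are assumed.

// WEAK: anyone (even logged out) may call the route, and the upload is stored
// under the client-supplied name with no type or extension validation.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/upload', array(
        'methods'             => 'POST',
        'callback'            => 'example_upload_weak',
        'permission_callback' => '__return_true', // the flaw: no auth check at all
    ) );
} );

function example_upload_weak( WP_REST_Request $request ) {
    $file = $_FILES['file'];
    $dest = wp_upload_dir()['basedir'] . '/' . $file['name']; // extension unchecked
    move_uploaded_file( $file['tmp_name'], $dest );
    return new WP_REST_Response( array( 'path' => $dest ), 200 );
}

// HARDENED: require a capability on the route, then validate both the reported
// type and the extension with wp_check_filetype_and_ext() before storing anything.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/upload-safe', array(
        'methods'             => 'POST',
        'callback'            => 'example_upload_safe',
        'permission_callback' => function () {
            return current_user_can( 'upload_files' ); // rejects unauthenticated callers
        },
    ) );
} );

function example_upload_safe( WP_REST_Request $request ) {
    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        return new WP_Error( 'no_file', 'No file received.', array( 'status' => 400 ) );
    }
    $file  = $_FILES['file'];
    // Returns ext/type only when the extension is on the allowed MIME list and,
    // for images, the content matches; anything else yields false.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'] );
    if ( ! $check['ext'] || ! $check['type'] ) {
        return new WP_Error( 'bad_type', 'File type not permitted.', array( 'status' => 415 ) );
    }
    // Let core sanitize the filename and place the file in the uploads directory.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $file, array( 'test_form' => false ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'], array( 'status' => 500 ) );
    }
    return new WP_REST_Response( array( 'url' => $result['url'] ), 201 );
}
```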

